Location sensitive solid state drive

ABSTRACT

A data storage system including an SSD includes a capability to detect whether its location is acceptable for function, and a capability to self-disable in the event the location of the device is unacceptable, or to self-enable only while the location of the device is acceptable.

CROSS-REFERENCE TO RELATED APPLICATION

This application is a continuation of U.S. patent application Ser. No. 14/632,628, filed 26 Feb. 2015; which is a continuation of U.S. Ser. No. 14/017,808, filed 4 Sep. 2013 (now U.S. Pat. No. 9,229,880, issued 15 Jan. 2016); which is a continuation of U.S. Ser. No. 12/814,180, filed 11 Jun. 2010 (now U.S. Pat. No. 8,533,853, issued 10 Sep. 2013); which claims priority of U.S. Provisional Application No. 61/186,766, filed 12 Jun. 2009, the entireties of which are incorporated herein by reference.

BACKGROUND

This invention relates to data storage and, particularly, to secured data storage in solid state drives.

A solid state drive (SSD) is the non-electromechanical (that is, “solid-state”) equivalent of the rotating, magnetic hard disk drive that is used for storage in almost all computing applications such as desktop, laptop and notebook computers. The SSD uses non-volatile solid-state memory such as flash devices, in place of rotating magnetic memories, and therefore has no moving parts. Most SSDs use flash memory because it requires very low power when not being read or written to, and power can be turned off without data loss. Other forms of memory such as DRAM or SRAM require battery back-up to ensure persistence of data.

The typical SSD consists of a microcontroller, memory and some power management circuitry, and may or may not be internally encrypted. The SSD is provided with a standard interface, such as an Advanced Technology Attachment (ATA) interface, including Serial ATA (SATA) and Parallel ATA (PATA) (sometimes referred to as the Integrated Drive Electronics (IDE) interface), or ATA Packet Interface (ATAPI); a Small Computer System Interface (SCSI) or a Serial Attached SCSI (SAS); a Firewire interface; or a specialized interface for military and aerospace applications.

The conventional rotating disk hard drive is vulnerable to vibration and shock. An SSD can be made as rugged as any other electronic circuit without moving parts, and a principal advantage of the SSD is that it is much more rugged than a rotating hard drive. In addition the SSD is faster and requires lower power. Disadvantages of SSDs principally include relatively high cost and lower data density. However, the cost per Gbyte for SSD storage is plummeting, and SSDs are now feasible in a greater number of applications. Within a few years, SSDs can be expected to replace magnetic hard disk drives in a large proportion of laptop and notebook computers.

Because of its ruggedness, SSD storage is ideal for deployment in harsh environments, and SSDs are a compelling choice for applications such as military, navy, aerospace, automotive, trains, oil drilling, etc. In these applications ruggedness usually overrides cost at some point, so their acceptance here is happening more rapidly.

Data security is a major concern in hard drive data storage. Computers or hard drives may be stolen, or compact disks carrying data may be stolen or lost in transit. Results include misappropriation of proprietary information including technology and corporate strategic plans, invasion of privacy or loss of personal identity, and theft of funds. Data security is extremely important in military and aerospace applications, in homeland security, etc.

SSDs can be encrypted with software keys determined from user-entered strings or biometric sources such as a fingerprint reader or retinal scanner.

In many situations sensitive data on the SSD needs to be protected. This is accomplished either by physical destruction of the media or through a secure erase operation. The latter is a procedure that writes a predefined data pattern over the media repetitively, guaranteeing that the existing data cannot be recovered through any means.

SUMMARY

According to the invention, a geosecure data storage system makes use of an SSD which includes the capability to detect whether its location is acceptable for function, and the capability to self-disable in the event the location of the device is unacceptable, or to self-enable only while the location of the device is acceptable. For example, the device could be set to detect its initial position and to self-disable if it is moved away from that position. Or the device could be set to recognize one or more locations which are acceptable for function, and to self-disable whenever the device is not located within an acceptable position, or to self-enable only while the device is located within an acceptable position.

The device could self-disable by simply ceasing the processing of data; or by erasing data in memory so that the data cannot be recovered; or by physical (hardware) self-destruction.

The device can be programmed to activate a data erase function when the device is not located in an acceptable position.

In one general aspect the invention features a data storage system including an SSD, means for sensing the location of the device, means for specifying one or more permitted operation locations, and means for disabling the SSD in the event the sensed location of the device does not fall within a permitted location.

In another general aspect the invention features a data storage system including an SSD, means for sensing the location of the device, means for specifying one or more permitted operation locations, and means for encrypting data in the SSD, or for changing an existing encryption of the data in the SSD, in the event the sensed location of the device does not fall within a permitted location.

In some embodiments the means for sensing location includes a satellite-based system (Global Navigation Satellite System (GNSS)) receiver such as, for example, a Global Positioning System (GPS) receiver. The GPS receiver includes a tuned antenna, a receiver-processor, and a clock. A GPS-based device may be preferred for use outside buildings (outdoor use).

In some embodiments the means for sensing location includes a terrestrial radio transmitter-based system receiver such as, for example, a LOng RAnge Navigation (LORAN) receiver or an Enhanced LORAN (E-LORAN) receiver. A LORAN-based device may be preferred for use inside buildings (indoor use) as well as for outdoor use.

In some embodiments the location sensing means continually monitors the location of the device, and the device is programmed to identify one or more permitted operation locations. The device operates only while its actual (sensed) location matches a permitted location. In some embodiments the device self-disables when the actual (sensed) location does not match a permitted location.

In some embodiments where the location sensing means continually monitors the location of the device, and the device is programmed to identify one or more permitted operation locations, data in the device is encrypted, or is re-encrypted, when the actual (sensed) location does not match a permitted location.

In some embodiments, in the event the device is powered off (or otherwise not in operation) when moved away from a permitted location, the device can self-disable, or the data can be encrypted or re-encrypted, when the device is powered up (or when an attempt is made to bring it into operation) in a nonpermitted location.

In some embodiments the device is programmable to activate a data erase function when the device is located in a nonpermitted location. In some such embodiments the device is programmable (and may be programmed) to activate a fast erase function, or a secure erase function, or a destructive erase function.

In some embodiments the device further includes video front end capability, so that the device can be connected to a source of video input such as a video camera, and the SSD stores video data. Such a Solid State Video Recorder (SSVR) can be employed for image monitoring, for security, etc.

The invention can be used to implement a repository for sensitive material such that security would be compromised if the information fell into the wrong hands. It can also be used for industrial security to ensure corporate secrets remain within the company. In sales transactions it could be used to store sensitive customer information. In medical applications, patient data could be stored without the concern that if computers are stolen the files can be accessed. Laptops containing sensitive data could be moved from one secure location to another (where each location is programmed into the geosecure drive), ensuring that the data cannot be accessed in an unsecured area.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram showing parts of a system according to an embodiment of the invention.

FIG. 2 is a block diagram showing parts of a system according to another embodiment of the invention.

FIG. 3 is a block diagram showing parts of a system according to another embodiment of the invention.

DETAILED DESCRIPTION

The invention will now be described in further detail by reference to the drawings, which illustrate alternative embodiments of the invention. The drawings are diagrammatic, showing features of the invention and their relation to other features and structures, and are not made to scale. For improved clarity of presentation, in the FIGs. illustrating embodiments of the invention, elements corresponding to elements shown in other drawings are not all particularly renumbered, although they are all readily identifiable in all the FIGs. Also for clarity of presentation certain features are not shown in the FIGs. where not necessary for an understanding of the invention.

Turning now to FIG. 1, features of a GNSS-based embodiment of the invention are shown in a block diagram showing the relationship of the functions. The SSD (“existing solid state hard drive”) itself is shown enclosed by a broken line. It may be a conventional SSD, including a microcontroller, memory and some power management circuitry, and it may or may not be encrypted. It includes a memory (flash memory in this example) and a controller. In this example the controller includes built-in encryption capability. The storage device can include any of a variety of forms of solid-state memory. The SSD includes a System Disk Interface (SDI: PATA/SATA in this example) for connection of the device to the host computer for data transfer.

The SSD can be made in the same footprint as conventional 3.5 inch, 2.5 inch and 1.8 inch drives, or it can be in a custom box, or can be added as a module to a PCB, e.g., in single board computers, PC104 boards, and the like. It can alternatively be configured into any “custom” footprint, depending upon the form factor of the device in which it is deployed.

The device in this embodiment also includes a GPS antenna tuned to receive signals from GPS satellites. The GPS signal is first passed through a filter (usually a Surface Acoustic Wave or SAW filter); the filtered signal is then usually amplified by a Low Noise Amplifier (LNA) and is usually passed again through a second filter. The resulting filtered and amplified analog RF signal is then passed to a Digital to Analog Conversion circuit which provides the digitized input signal for satellite determination. The Digital to Analog processing may or may not be embedded in the position processor. The resulting digitized input passes to a Satellite Lookup and Processing function. In this example an internal clock provides accurate time to the lookup and processing function, which establishes the instant geoposition (actual position) of the device. Then the actual position is compared to a list of one or more programmed permitted locations in a Position Key Lookup function, which sets a Security Key based upon whether the actual location matches a permitted location. Where the Security Key Setting indicates a nonmatch, the Controller function of the SSD may be caused to encrypt, or to re-encrypt, or otherwise to become disabled.

Turning now to FIG. 2, features of a LORAN-based embodiment of the invention are shown in a block diagram showing relationships of functions. The SSD (“existing solid state hard drive”) itself is shown enclosed by a broken line. As in the example shown in FIG. 1, it may be a conventional SSD, including a microcontroller, memory and some power management circuitry, and it may or may not be encrypted. It includes a memory (flash memory in this example) and a controller. In this example the controller includes built-in encryption capability. The storage device can include any of a variety of forms of solid-state memory. The SSD includes a System Disk Interface (SDI: PATA/SATA in this example) for connection of the device to the host computer for data transfer.

The SSD can be made in the same footprint as conventional 3.5 inch, 2.5 inch and 1.8 inch drives, or it can be in a custom box, or can be added as a module to a PCB, e.g., in single board computers, PC104 boards, and the like. It can alternatively be configured into any “custom” footprint, depending upon the form factor of the device in which it is deployed.

The device in this embodiment also includes a LORAN antenna tuned to receive signals from a set of land-based radio transmitters. The LORAN signal is first electronically filtered to provide a flat frequency response; the resulting filtered analog signal is then passed to an Analog to Digital Converter. This may or may not be a part of the positioning processor. The resulting digitized input passes to a Zero Crossing Processing function. An accurate time source provides timing to the Zero Crossing Processing function, which establishes the instant geoposition (actual position) of the device. The accurate time source may or may not be a part of the positioning processor. The actual position is then compared to a list of one or more programmed permitted locations in a Position Key Lookup function, which sets a Security Key based upon whether the actual location matches a permitted location. Where the Security Key Setting indicates a nonmatch, the Controller function of the SSD may be caused to encrypt, or to re-encrypt, or otherwise to become disabled.

A modification of the above-described LORAN receiver is shown in FIG. 3. This is similar in concept to the LORAN-based receiver, but is optimized for internal building antenna arrays. These arrays are also used to determine location, but are optimized for operations inside a building that may otherwise contain EMI shielding that would prevent implementation of the embodiments described above. The features of a local-antenna-based embodiment of the invention are shown in a block diagram showing relationships of functions. The SSD (“existing solid state hard drive”) itself is shown enclosed by a broken line. As in the example shown in FIG. 2, it may be a conventional SSD, including a microcontroller, memory and some power management circuitry, and it may or may not be encrypted. It includes a memory (flash memory in this example) and a controller. In this example the controller includes built-in encryption capability. The storage device can include any of a variety of forms of solid-state memory. The SSD includes a System Disk Interface (SDI: PATA/SATA in this example) for connection of the device to the host computer for data transfer.

The SSD can be made in the same footprint as conventional 3.5 inch, 2.5 inch and 1.8 inch drives, or it can be in a custom box, or can be added as a module to a PCB, e.g., in single board computers, PC104 boards, and the like. It can alternatively be configured into any “custom” footprint, depending upon the form factor of the device in which it is deployed.

The device in this embodiment also includes an array of intra-building antennas to provide the radio signal broadcasting equivalent of the previous LORAN implementation. Here the geosecure drive antennas are tuned to receive signals from the intra-building broadcasting radio transmitters. This allows finer resolution of position within the building, allowing secure operations with detection of even smaller changes in location. Similar to FIG. 2, the received signal is first electronically filtered to provide a flat frequency response; the resulting filtered analog signal is then passed to an Analog to Digital Converter. This may or may not be a part of the positioning processor. The resulting digitized input passes to a Zero Crossing Processing function. An accurate time source provides timing to the Zero Crossing Processing function, which establishes the instant geoposition (actual position) of the device. The accurate time source may or may not be a part of the positioning processor. The actual position is then compared to a list of one or more programmed permitted locations in a Position Key Lookup function, which sets a Security Key based upon whether the actual location matches a permitted location. Where the Security Key Setting indicates a nonmatch, the Controller function of the SSD may be caused to encrypt, or to re-encrypt, or otherwise to become disabled.

EXAMPLE 1

The following example lists a set of actions that can be provided by a geosecure solid state drive according to an embodiment of the invention. While these constitute a basic set of functions, this is not a comprehensive list:

Load Key Locations: This function allows the user to set a table of locations where operation is acceptable. In another implementation, the user could set a set of locations where operation is not acceptable.

Read Key Locations: This function reads a table of acceptable functions into the system.

Read Current Location: This function reads the current location from the GPS or LORAN subsystem to determine the acceptability for operation.

Compare Location: This function compares the current location with the pre-entered table of acceptable locations.

Set Key: This function will set the encryption key based on the current location.

Set Encryption Method: This function specifies the current encryption algorithm used by the system to encode data.

Encrypt: This function will encrypt the data using the currently set key and encryption algorithm.

Decrypt: This function will produce the opposite effect of the previous function and will decrypt the data.

Set Destructive Erase Method: Select the method for destructive erase of sensitive data used for device sanitization.
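The following Python model is an added illustration of the Example 1 function set and of the Position Key Lookup step of FIG. 1; it is example code written for this page, not code from the patent or from any product. It keeps the permitted-location table, compares a sensed fix against it with a great-circle distance test, derives a location-bound key-encryption key (KEK) from a device secret and the matching table entry, and keeps the drive's data encryption key (DEK) wrapped under that KEK so that a nonmatch leaves no usable key in the device. The circular fence shape, the coordinates and radii, the device secret, the HKDF-based key derivation and the HMAC-based seal/open routines (standing in for the drive's own cipher) are all constructed assumptions.

```python
import hashlib
import hmac
import math
import secrets
from collections import namedtuple

# One row of the Load Key Locations table, modelled as a circular fence (assumed shape).
PermittedLocation = namedtuple("PermittedLocation", "name lat lon radius_m")

def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres between two latitude/longitude points."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi, dlam = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2
    return 2 * 6_371_000.0 * math.asin(math.sqrt(a))   # mean Earth radius in metres

def compare_location(lat, lon, table):
    """Compare Location: first table entry whose fence contains the sensed fix, else None."""
    for entry in table:
        if haversine_m(lat, lon, entry.lat, entry.lon) <= entry.radius_m:
            return entry
    return None

def hkdf_sha256(ikm, salt, info, length=32):
    """RFC 5869 HKDF (extract, then expand) over SHA-256, standard library only."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm, counter = okm + block, counter + 1
    return okm[:length]

def _keystream(key, nonce, n):  # HMAC-SHA256 in counter mode stands in for the drive's cipher
    return b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range((n + 31) // 32))[:n]

def seal(key, plaintext):
    """Encrypt-then-MAC under a fresh nonce: returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def open_sealed(key, blob):
    """Check the tag in constant time before decrypting; a wrong key yields no plaintext."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered data")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

class GeosecureDrive:
    """Model of the Example 1 function set (an assumed design): a random DEK is wrapped
    once per permitted location under a KEK derived from a device secret and that table
    entry; the plaintext DEK exists only in volatile memory while the fix is in a fence."""
    def __init__(self, device_secret, table):
        self.device_secret = device_secret
        self.table = list(table)          # Load Key Locations
        self.wrapped = {}                 # location name -> wrapped DEK (persistent)
        self._dek = None                  # present only while enabled (volatile)

    def _kek(self, entry):
        info = f"geosecure-kek|{entry.name}|{entry.lat:.5f}|{entry.lon:.5f}".encode()
        return hkdf_sha256(self.device_secret, b"geosecure-salt-v1", info)

    def _enabled_dek(self):
        if self._dek is None:
            raise PermissionError("drive is disabled")
        return self._dek

    def provision(self, lat, lon):
        """Create the DEK while inside a fence and wrap it for every permitted location."""
        if compare_location(lat, lon, self.table) is None:
            raise PermissionError("provisioning refused outside every permitted location")
        self._dek = secrets.token_bytes(32)
        self.wrapped = {e.name: seal(self._kek(e), self._dek) for e in self.table}

    def sense_and_set_key(self, lat, lon):
        """Read Current Location + Compare Location + Set Key; run at power-up and on
        every monitoring tick. On a nonmatch the only usable DEK copy is dropped."""
        entry = compare_location(lat, lon, self.table)
        blob = self.wrapped.get(entry.name) if entry else None
        try:
            self._dek = open_sealed(self._kek(entry), blob) if blob else None
        except ValueError:                # wrap corrupt or made for another entry
            self._dek = None
        return self._dek is not None

    def rekey_to_location(self, target):
        """Change key selection so the data reads only at `target` (second-location embodiment)."""
        self.wrapped = {target.name: seal(self._kek(target), self._enabled_dek())}

    def encrypt(self, data):
        return seal(self._enabled_dek(), data)

    def decrypt(self, blob):
        return open_sealed(self._enabled_dek(), blob)
```

Two design points carry over to a real controller. The KEK is bound to the identity of the matched table entry rather than to the raw coordinates, so normal jitter of the fix inside a fence does not change the key, while the fence radius alone decides the match. And the check is only as strong as the two inputs it combines: the device secret must sit in storage the host cannot read, and the position fix must come from a receiver the controller itself trusts, which is why FIG. 1 places the lookup and the key setting inside the drive rather than on the host.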

EXAMPLE 2

The following example lists types of data erase functions that can be employed in a geosecure solid state drive according to embodiments of the invention. The functions may be employed individually or in combination.

Fast Erase: In a fast erase procedure the solid state drive is erased in parallel operations that result in erase of the drive in a short time, for example less than 1 minute. The erase sequence is sent concurrently to all of the devices. Typically the data are destroyed, but they can be recovered by use of complex analysis equipment (detecting residual charge left on the memory cells following erase). The drive is recoverable, and can be reprogrammed for use.

Secure Erase: A secure erase procedure adds an overwrite to a previous erase procedure (such as a fast erase procedure). The overwrite can be a random or a fixed pattern of data, and can be carried out repeatedly to replace any residual charge on the memory cells with random or meaningless data. The data are, accordingly, nonrecoverable. The drive is recoverable, and can be reprogrammed for use.

Destructive Erase: A destructive erase procedure uses high voltage or some other technique to physically destroy the memory cells and/or read/write buffers associated with the solid state drive. The data on the drive is not recoverable following destructive erase, and the drive cannot be reprogrammed for use.
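The following Python model is an added illustration of the three erase modes of Example 2 and of the "Set Destructive Erase Method" selection in Example 1; it is example code written for this page, not code from the patent. It simulates a small flash array with a separate residue layer standing in for residual cell charge, implements fast, secure and destructive erase with the properties the text assigns to each, and adds the read-back verification that a sanitization routine should perform before reporting success. The page size, the residual-charge model (each cell retains the value it was last programmed with) and the EraseMethod selector are constructed assumptions.

```python
import secrets
from enum import Enum

PAGE_SIZE = 16      # bytes per simulated flash page (constructed; real pages are kilobytes)
ERASED = 0xFF       # NAND cells read all-ones after a block erase


class EraseMethod(Enum):
    """Choices for the Example 1 'Set Destructive Erase Method' function."""
    FAST = "fast"
    SECURE = "secure"
    DESTRUCTIVE = "destructive"


class SimulatedSSD:
    """Simulated flash array. `pages` is what the controller reads back; `residue`
    models residual cell charge that laboratory analysis might recover (assumed
    simplification: each cell retains the value it was last programmed with)."""

    def __init__(self, n_pages):
        self.pages = [bytearray([ERASED] * PAGE_SIZE) for _ in range(n_pages)]
        self.residue = [bytearray([ERASED] * PAGE_SIZE) for _ in range(n_pages)]
        self.alive = True

    def program(self, page, data):
        if not self.alive:
            raise RuntimeError("memory cells destroyed; drive cannot be reprogrammed")
        self.pages[page][:] = data.ljust(PAGE_SIZE, bytes([ERASED]))[:PAGE_SIZE]
        self.residue[page][:] = self.pages[page]      # programming leaves a charge trace

    def read(self, page):
        if not self.alive:
            raise RuntimeError("memory cells destroyed")
        return bytes(self.pages[page])


def fast_erase(ssd):
    """Parallel block erase: every page reads as erased, but residual charge is untouched."""
    for page in ssd.pages:
        page[:] = bytes([ERASED]) * PAGE_SIZE


def secure_erase(ssd, passes=3, pattern=None):
    """Fast erase, then `passes` overwrites (random by default, or a fixed pattern), a
    final erase, and a read-back verification that every page is in the erased state."""
    fast_erase(ssd)
    for _ in range(passes):
        for i in range(len(ssd.pages)):
            fill = (pattern * PAGE_SIZE)[:PAGE_SIZE] if pattern else secrets.token_bytes(PAGE_SIZE)
            ssd.program(i, fill)
    fast_erase(ssd)
    return all(ssd.read(i) == bytes([ERASED]) * PAGE_SIZE for i in range(len(ssd.pages)))


def destructive_erase(ssd):
    """High-voltage destruction: pages and residue are gone and the cells cannot be reused."""
    for page, res in zip(ssd.pages, ssd.residue):
        page[:] = res[:] = bytes(PAGE_SIZE)
    ssd.alive = False


def lab_recovery(ssd):
    """What 'complex analysis equipment' could reconstruct from residual charge, or None."""
    return None if not ssd.alive else [bytes(r) for r in ssd.residue]


def sanitize(ssd, method, original):
    """Apply the configured method and report the properties Example 2 assigns to it:
    whether the pre-erase content is still recoverable and whether the drive is reusable."""
    if method is EraseMethod.FAST:
        fast_erase(ssd)
    elif method is EraseMethod.SECURE:
        if not secure_erase(ssd):
            raise RuntimeError("secure erase verification failed")
    else:
        destructive_erase(ssd)
    recovered = lab_recovery(ssd)
    return {
        "method": method.value,
        "data_recoverable": recovered is not None and any(r == o for r, o in zip(recovered, original)),
        "reprogrammable": ssd.alive,
    }
```

The residue layer is a deliberate simplification; whether real NAND retains a recoverable trace after a block erase depends on the cell technology and its wear. The part of the model worth carrying over unchanged is the verification step: `secure_erase` reads every page back after the final erase and only then reports success, so a controller that selects the secure method gets a definite result to log rather than an assumption.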

Other embodiments are contemplated within the invention. For example, the device may be provided with a video front end, and coupled to a source of video input such as a video camera. The SSD stores video data, so that the device becomes a location-sensitive Solid State Video Recorder (SSVR). In this embodiment also, moving the drive to another geographically unique location, as determined by the GPS or LORAN circuit, will result in either destruction of the video data therein or in making the data inaccessible to another person through change in encryption key or other concealment mechanism.

In another embodiment the data can be stored and encrypted when the device is in one location, and then the key selection can be changed such that the data can be read only in a second location.

1. A self-disabling, geo-secure data storage system, comprising: a solid state drive (SSD); a system disk interface (SDI) for connection of said solid state drive (SSD) to a host system; an antenna and satellite lookup and determination system to detect a current location of said self-disabling, geo-secure data storage system; and a controller to cause said solid state drive (SSD) to disable when said detected current location of said self-disabling, geo-secure data storage system determines that said self-disabling data storage system is currently outside a given permissible geographic area.